attack my mail server (help)

Discussion in 'Server Operation' started by rickygm, Dec 12, 2006.

  1. rickygm

    rickygm New Member

    Hello forum, for one day I have been having problems sending mail, local or external. I ran netstat and I see many IP addresses connected to port 25 of my server, trying to send mail to user accounts that do not exist in my domain.

    The postmaster mail account captures all the messages with spam and viruses, and I have received about 6000 false mails. What can I do to stop this attack?

    At the moment I have closed port 25 with my firewall. With the port closed, I can send local and external mail, but I cannot receive, because they bring my server down.


    netstat command:

    tcp 0 0 165.98.245.75:25 220.128.139.82:16284 SYN_RECV
    tcp 0 0 165.98.245.75:25 202.64.193.35:22769 SYN_RECV
    tcp 0 0 165.98.245.75:25 68.157.67.203:44549 SYN_RECV
    tcp 0 0 165.98.245.75:25 69.54.44.97:58832 SYN_RECV
    tcp 0 0 165.98.245.75:25 204.181.65.201:24347 SYN_RECV
    tcp 0 0 165.98.245.75:25 64.27.109.180:3605 SYN_RECV
    tcp 0 0 165.98.245.75:25 212.70.194.252:51828 SYN_RECV
    tcp 0 0 165.98.245.75:25 151.189.21.52:56698 SYN_RECV
    tcp 0 0 165.98.245.75:25 168.10.57.11:48589 SYN_RECV
    tcp 0 0 165.98.245.75:25 200.49.193.136:10575 SYN_RECV
    tcp 0 0 165.98.245.75:25 200.193.114.4:4412 SYN_RECV
    tcp 0 0 165.98.245.75:25 62.134.61.39:47531 SYN_RECV
    tcp 0 0 165.98.245.75:25 65.161.178.162:42424 SYN_RECV
    tcp 0 0 165.98.245.75:25 64.80.51.187:12252 SYN_RECV
    tcp 0 0 165.98.245.75:25 72.54.161.219:43361 SYN_RECV
    tcp 0 0 165.98.245.75:25 213.190.70.31:58170 SYN_RECV
    tcp 0 0 165.98.245.75:25 217.156.103.59:40670 SYN_RECV
    tcp 0 0 165.98.245.75:25 218.103.63.209:52427 SYN_RECV
    tcp 0 0 165.98.245.75:25 212.234.147.107:1179 SYN_RECV
    tcp 0 0 165.98.245.75:25 212.102.130.8:41171 SYN_RECV
    tcp 0 0 165.98.245.75:25 193.111.200.230:34072 SYN_RECV
    tcp 0 0 165.98.245.75:25 210.56.16.62:43181 SYN_RECV
    tcp 0 0 165.98.245.75:25 200.110.2.197:41935 SYN_RECV
    tcp 0 0 165.98.245.75:25 64.47.55.212:42167 SYN_RECV

    :(
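
An added example, not part of the original post: one way to summarise netstat output like the listing above, counting connection states and distinct remote addresses on the SMTP port. The function names and the sample lines are constructed for illustration (documentation address ranges), and the column layout is assumed to match the listing in the post.

```shell
#!/bin/sh
# Tally TCP states on the local SMTP port from `netstat -tn`-style lines on stdin.
# Columns assumed: proto recv-q send-q local:port remote:port state
smtp_state_summary() {
    awk -v port="${1:-25}" '
        $1 ~ /^tcp/ && NF >= 6 {
            lport = $4; sub(/^.*:/, "", lport)     # text after the last colon
            if (lport != port) next                # skip other services
            rip = $5; sub(/:[0-9]+$/, "", rip)     # remote address without its port
            total++
            if ($6 == "SYN_RECV") half++           # handshake not completed
            if ($6 == "ESTABLISHED") est++
            if (++per_ip[rip] == 1) remotes++      # first time this address is seen
            if (per_ip[rip] > max) max = per_ip[rip]
        }
        END {
            pct = total ? int(100 * half / total) : 0
            printf "total=%d syn_recv=%d established=%d remotes=%d max_per_ip=%d half_open_pct=%d\n",
                   total, half, est, remotes, max, pct
        }'
}

# Constructed sample input (not the addresses from the post).
sample_netstat() {
    cat <<'EOF'
tcp 0 0 192.0.2.10:25 198.51.100.7:16284 SYN_RECV
tcp 0 0 192.0.2.10:25 198.51.100.8:22769 SYN_RECV
tcp 0 0 192.0.2.10:25 203.0.113.5:44549 SYN_RECV
tcp 0 0 192.0.2.10:25 203.0.113.5:44550 SYN_RECV
tcp 0 0 192.0.2.10:25 203.0.113.9:58832 ESTABLISHED
tcp 0 0 192.0.2.10:22 203.0.113.9:40022 ESTABLISHED
tcp 0 0 192.0.2.10:25 198.51.100.20:3605 TIME_WAIT
EOF
}

sample_netstat | smtp_state_summary 25
```

On a live host the input would be `netstat -tn | smtp_state_summary 25`. Connections in SYN_RECV have not finished the TCP handshake, so they have not yet reached the mail server software itself.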
     
  2. drks

    drks New Member HowtoForge Supporter

    You should look into adding RBL (Blacklist) lookups to limit mail from known spammers. Additionally, I would modify the postmaster account in /etc/aliases to just junk all mail to postmaster:

    postmaster: /dev/null


    That might not work for you, but I do not know many people that can say they'd rather deal with the spam than throw away mail for postmaster.

    Perhaps if you gave us some information on the following that you are using we can help you lock it down a bit to limit Spam:

    Linux Distro / Version
    SMTP Mail Server
    ..etc
     
